Kubernetes快速部署
准备工作
角色 | IP | 系统 |
---|---|---|
master | 192.168.237.138 | centos8 |
node1 | 192.168.237.140 | centos8 |
node2 | 192.168.237.141 | centos8 |
1、设置主机名、关闭三台主机的防火墙和selinux、还有swap分区空间
这一步的操作是三台主机都要做的
//设置主机名
[root@localhost ~]# hostnamectl set-hostname master.example.com
[root@localhost ~]# bash
[root@master ~]# hostname
master.example.com
[root@localhost ~]# hostnamectl set-hostname node1.example.com
[root@localhost ~]# bash
[root@node1 ~]# hostname
node1.example.com
[root@localhost ~]# hostnamectl set-hostname node2.example.com
[root@localhost ~]# bash
[root@node2 ~]# hostname
node2.example.com
//关闭防火墙和selinux
[root@master ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@master ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
//关闭swap分区
[root@master ~]# vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Tue Nov 23 07:42:34 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/cl-root / xfs defaults 0 0
UUID=1e7bf4d9-bfba-432d-b86c-3154636247a5 /boot xfs defaults 0 0
/dev/mapper/cl-home /home xfs defaults 0 0
/dev/mapper/cl-swap none swap defaults 0 0 //删除该行
2、master配置DNS域名解析、IPv4流量传递到iptables的链。
node节点无需任何操作
//在master上添加DNS域名解析,让三台主机互通
[root@master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#添加以下三行内容
192.168.237.138 master master.example.com
192.168.237.140 node1 node1.example.com
192.168.237.141 node2 node2.example.com
//master上配置流量传递
[root@master ~]# cat > /etc/sysctl.d/k8s.conf <<EOF
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF
[root@master ~]# cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[root@master ~]# sysctl --system //让刚刚修改的配置生效
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.promote_secondaries = 1
net.core.default_qdisc = fq_codel
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /usr/lib/sysctl.d/50-libkcapi-optmem_max.conf ...
net.core.optmem_max = 81920
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
kernel.pid_max = 4194304
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ... //成功读取到新添加的配置文件
* Applying /etc/sysctl.conf ...
3、时间同步、免密登陆
时间同步是所有主机都要做的。而免密登陆是在master上操作,node节点无需任何操作
//安装chrony
[root@master ~]# yum -y install chrony
//配置chrony
[root@master ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool time1.aliyun.com iburst //修改该行
...
[root@master ~]# systemctl enable --now chronyd
[root@master ~]# systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-12-18 11:26:20 CST; 17s ago
Docs: man:chronyd(8)
man:chrony.conf(5)
//master上做免密登陆,做这一步前要确保可以在master上ping通每个node
[root@master ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:L67eieboG6vaQB8prI7T2+W0/Depj7l4YP5YF5qMTwM root@master.example.com
The key's randomart image is:
+---[RSA 3072]----+
| |
| |
| |
|. . |
| + o E S